Posted by samzenpus on Wednesday December 14, 2011 @03:25PM from the consider-yourself-off-my-friends-list dept.

First time accepted submitter lacaprup writes "Chinese-based hacking of 760 different corporations reflects a growing, undeclared cyber war. From giants like Intel and Google to unknowns like iBahn, the Chinese hackers are accused of stealing everything that isn't nailed down. Simply put, it is easier and cheaper to steal rather than develop the legal way. China has consistently denied it has any responsibility for hacking that originated from servers on its soil, but — based on what is known of attacks from China, Russia and other countries — a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion."

Yep, pretty sure us Yankees invented the concept, along with the personal computer and the internet, shame some of us are getting schooled on it, a glimpse into American decay? Or the start of a security renaissance?

Also, patent violations were an American concept back in the day (see Hollywood). Countries (and companies) on the way up view patents as a hindrance, shackling their energy and creativity. Countries on the way down view them as a benefit, holding on to their accumulated wealth and power even once they're no longer earning it.

I don't know how the mix-up of patents with copyright in the first sentence didn't trigger mods' troll alarms. Add to that the fact that Chinese patent applications have grown massively in recent years to nearly equal US patent filing rates, making parent's premise entirely wrong.

No, countries on the way up don't view patents as hindrance -- they view patents by established competitors as a hindrance, while patents by them are advantageous and pursued emphatically.

Those who create new things have no fear of copying, because they have confidence in their ability to do better than people who can do nothing but copy. Those who continue to profit from innovation long-since departed fear copying, because they know that's all they've got.

Perhaps you missed the reference, but Hollywood became the mecca of film precisely because they were ignoring the draconian restrictions imposed on them by Edison's patent enforcement group. In fact, the very reason film-makers congregated

Do you inhabit the minds of all those who create new things thus that you can declare, for all of them, that they have no fear of copying? I have heard plenty of creative people express concern about whether they will be able to get the rewards for their work or whether someone else will. Where unfettered, free copying is allowed, it is not the most creative people who will succeed, it is the people with the biggest marketing budgets. A few rare individuals will come up with brand new things and hit the jac

The US started the industrial revolution by blatantly ripping off European patents in the late 1800s. It wasn't until they discovered some value when they retroactively started enforcing them worse than everyone else.

Digital security only reached great public consciousness in the past decade and a half, after much infrastructure was already built up in the US. China is modernizing in a much more security conscious time, so they have a bit of an advantage there. The US is also further along in digitizing things (whether they should be or not), which puts them at a disadvantage.

Also, and this is probably the biggest one imho, the government has privatized everything. All other considerations aside, if you have digital and classified documents in a lot of third parties' hands, you're going to open yourself up to a lot of attack vectors. All in all, it's a nightmare thinking about keeping a network that includes every military contractor secure.

Germany is indeed a thriving example of greatness right now; their economy is strong and they export all kinds of high-value, high quality stuff. If it weren't for Greece and Portugal, the place would make us look pathetic (which isn't hard, honestly). The way it's looking now, they might just kick Greece out of the EU (or Greece might leave on its own), which will probably be a lot better for Germany.

Though the strange thing with "financial experts" seems to be that you will always find another "expert" who tells you the exact opposite of what the previous guy said. I have the feeling those finance gurus are closer to fortune-tellers than to scientists.

I'm sure you're correct about that feeling. "Economics" simply isn't a real science, it's pseudoscience as it doesn't produce any theories that can actually be tested. Unfortunately, our societies depend greatly on economics, so even though it's really not much different than shamans trying to cure diseases with chants and incantations and potions, it's the best we've got.

I can live with either one more readily than doing nothing and taking it UTA.

It would be pretty damn interesting if the US turned around and told China, here's a bill for piracy, if you don't pay, we don't repay our debt. And what can you do, that we haven't already done to ourselves? Check and mate, and possibly nuclear holocaust in one easy move.

But as long as Americans don't understand why they shouldn't be shopping at Walmart, consistently vote against their own interests, and are too focused on

If you hang your underwear out to dry, the neighbors will see it. Same with trade secrets. In order to be protected by law, one is required to make reasonable efforts to protect trade secrets. Obviously nowadays, when $500 billion worth of trade secrets are being stolen, these trade secrets are not being adequately protected. These secrets are, in effect, out on the line in plain sight, just like the aforementioned underwear. Too bad our government is more interested in stopping movie downloads.

That's the exact same thing as saying, because your safe can be cracked, then your trade secrets that you held in it are in plain sight. In other words, because someone was able to steal them, then they are not covered.

Requiring a spy to steal your details, or for your entire computer system to be hacked, is certainly a reasonable-enough effort at protecting your trade secrets.

People should be stopped from illegal downloads as it is stealing, but the level of focus definitely makes no sense in comparison to other issues facing the nation. The entire entertainment industry has a nonsensical amount of power, but that does not change the lunacy of the rest of your--hopefully--sarcastic point.

It's been that way for a very long time, long before computers were penetrated to gather trade secrets. For a long time the two major Communist nations in this world, the USSR and the People's Republic of China, did not have the resources to develop many advanced things. The Russians cloned our bombers that landed in Soviet territory, with the only differences being switching to metric units for things like sheetmetal gauge as opposed to SAE units. The US government tried very hard to keep particularly sensitive, new weapons out of Russia's hands during World War II, and out of China's hands during Korea and Vietnam.

Unfortunately now, we've decided to send our processes themselves to China. Since they're not interested in maintaining respect for intellectual property, we're giving them the very tools they need to best us.

In short, our own short-sighted greed is actively leading to our downfall as we speak.

Are you seriously comparing USSR to what China was 30 years ago? I'm asking because it's like comparing South and North Korea. USSR couldn't develop... bombers on its own? Dear God, how did they fight in WWII, may I ask? Why did they say no to the glorious "Shermans" and used their own T-34 instead (34 stands for year, mind you). How come they were the first to send Sputnik then Gagarin into space, despite US having German rocket genie, von Braun? Where did they get "Mig"s that caused so much trouble in Vietnam

That's because of the myth that Communism wasn't able to function at all. It did function but it didn't lead to a lot of happy people, nor a lot of variety or quality in products (I recall seeing an ad for "The Fridge" on Soviet TV, so advertised because it was the only fridge they made and it was in surplus at the time). The USSR managed to rebuild the Soviet Union from its decimated state after WWII back to being an industrial powerhouse, world power, etc. It did so at a massive human cost of course (measured in millions of people), and I am not saying it was a good thing but dismissing them and their version of the communist system casually out of hand is a mistake.

The US basically outspent the USSR and actively sought to destroy its economy, leading to the failure of Communism in the end. Some of the economic problems you face today in the US likely stem from that massive overspending in fact as it no doubt contributed heavily to your national debt.

I think it's a mistake to dismiss China in the same way. They are huge, they have a growing economy, they have massive manufacturing capabilities, and they are capable of independent research and discovery. The fact that they are playing catchup to the US at the moment, doesn't mean they might not surpass you at some point. Imagine how the US citizenry's morale is going to crash when the leading innovations in science and technology start coming from China instead of the US. What if the first mission to Mars comes from China instead of the US?

Complacency and Hubris come at a cost.

I'm sure the Chinese government has their crack team of hackers, just like we do. Having said that...

I run a honeypot at work. 70% of the attacks do come from Chinese machines, but I suspect that's because the Chinese buy those $2 pre-hacked warez'd Windows CD's at the market and don't install security updates.

Of the actual living, breathing hackers that log into my honeypot, 1/3 of them come from Romanian IP's, and another 1/3 come from other eastern European countries, but the text files/strings in their utilities are Romanian. Wired has a good article which partly corroborates this.

I see two modes of attack. 98% are single machines launching 100's of attacks. 70% of those are in China. The other 2% are distributed attacks. These are more likely to be major power intelligence agencies, and don't have anywhere near the geographic concentration as the single-machine attacks (Chinese IP's are 15% of distributed attacks, same as Brazil).

Every black hat is probably running their operations through proxies in China these days so that the Western companies they break into will just say "damn dirty Chinese!" and never suspect someone in Europe or maybe just a few blocks away. China is a jurisdictional black hole.

Karl Marx said, the capitalist sells us the rope with which we will hang him. US companies aren't stupid, this is capitalism, hence the risk of IP getting stolen by the Chinese is already counted in. Obviously, it is still more profitable compared to producing domestically, where one has to deal with unions, layoffs, politicians, TV cameras etc.

Undeclared my ass. It's in the media, it's widely known, and pretty much the only rule is not to do something to the other side's infrastructure that kills people directly or gets too much of the population upset. That's like calling the intelligence war undeclared because the sides don't admit that they try to get plans of the other side's military hardware--only more so. We don't declare war, and this isn't a physical war, and there are certain proportionality requirements--and we argue for a pretension of deniability, but not plausible deniability.

This is probably going to sound racist, when I don't really intend it to. It's more "culturist" than anything else.

I work for a post-secondary institution with a large international student program. Most of our international students come from China, and when we break down the stats, the Chinese students are the most likely students to plagiarize others' work, both in our online learning management system and in our face to face classroom environments.

What's more, they make no effort to hide their "enhanced group work" skills from their instructors. We've asked several of the students about this behaviour and have been told "that's how things work in China. It's commonplace there."

So it doesn't surprise me that Chinese hackers are trying to steal information from western companies.

TLDR: English-speaking nations around the world have conspired to use their signals intelligence capability (ECHELON) to engage in industrial espionage and pass trade secrets on to their own corporations.

What's more, they make no effort to hide their "enhanced group work" skills from their instructors. We've asked several of the students about this behaviour and have been told "that's how things work in China. It's commonplace there."

In regards with intellectual creation: a culture of sharing in clash with a culture of artificial scarcity?

That's what I was thinking. American rugged individualism VS Chinese collectivism. I know many people who complain that Chinese students all get together in a huddle every night in college to do their homework, seeing the practice as cheating instead of collaboration. The plagiarism is a problem, but it probably follows from cultural differences as well. In America, taking ideas from one source is plagiarism, taking from many is research.

If I made a dollar 3 years ago and had it stolen this year how much did I have stolen this year? $0 because I didn't make that dollar this year?

I don't believe the $500 billion estimate either but refuting it based upon how much money was made in the US in 2010 doesn't sound right to me.

Like say Google's source code for their search index was stolen how much is that valued at? Does the value only count for parts that were developed in the past year or could it have just been made MORE valuable in th

The reality check is it's impossible to put a monetary value on "stolen" data, because data only has value if it contains useful information. If I stole the production plans for the Boeing 747, it wouldn't be of value because I do not have the means to build 747s. Or in the '90s, the RIAA claiming that everyone who illegally downloaded an mp3 would have bought the album if it weren't available on Napster.

These are "assets", not revenue so aren't tied to GDP. If someone stole all of the gold out of Ft Knox, they'd have $200B worth of assets that would have no relation to GDP. Likewise, if they steal a secret chemical formula valued at $1B, that has no relation to GDP. (though the valuation is related to how much revenue it could earn).

In any case, the numbers are very suspect. No one knows who exactly is stealing the data, what data is stolen, or what they are doing with it, yet somehow they came up with a s

It's more than time for the poor little American-based multi-nationals to think about seriously investing in real security.
If your stuff is so valuable (don't believe that figure for an instant) how come it's so easily snatched?

have put lots of poor security in place now if trained to people to do IT work and not let a theory based class room do the training and paid for the hardware needed to do the job right vs trying to get by with the old stuff for a very long time.

We wanted the "information economy", we got it. We ignored material progress and persisted in keeping an antiquated notion of "work" going for what? The work week was about 100 hours in the 19th century and was closer to 50 by the beginning of the 20th century. Despite all the "progress" I keep hearing about and how "productive" we all are sitting at our computers, the work week hasn't reduced, and it still takes 25 years to pay for a house built out of standard parts in six weeks.

We insist on performing theater for each other while farmers feed us, instead of really analyzing what gets done by who and FOR who.

It's no secret that the Industrial Revolution got a kickstart in the US via "stolen IP." The legend is that Samuel Slater memorized drawings across the pond in Blighty and came here with them in his head.

Another example would be dumpster diving at your competitor's company. Cutting up start strips from stamping operations is not because you want them to fit in the recycling dumpster better. The same for shredding code printouts and printed spreadsheets.

To suddenly be surprised that this is being done electronically on a systematic scale is to be utterly ignorant of history. And frankly, singling out China smells of hypocrisy, especially after two decades of US manufacturing companies willingly transferring their core manufacturing to China completely oblivious to the long term effects.

Why reinvent the wheel from scratch when you can simply snag the wheel.dwg from your competitor's computer?

What exactly did you expect? It's not just China, of course. We outsource to India, China, the Middle East and even Pakistan. We also educate foreigners here, and not in ethnomusicology or interpretive dance either. Do you think no theft will occur? No backdoors in hardware or software? No designs, models or code will be resold to competitors for a profit without your knowledge?

First we sold our security to the Arabs for cheap oil. Then we sold our minds to China and India for some cost savings. Our children will be selling their bodies, I expect.

If there's one thing I've learned about IT security, it's that it's almost impossible to secure data anyway. Maybe it would make more sense to follow development models in which there's no such thing as stealing.

I'm not sure why people aren't just allowing google to index their entire infrastructure. Really. It would be cheap backup and really easy to find your stuff. Sure, 0-days happen, mistakes are made, admins are not infallible but I can't blame the Chinese (or whoever) for picking the low-hanging fruit when it's been placed so close to the ground.

"it is easier and cheaper to steal rather than develop the legal way."
this sentiment is emanating from a nation that has no credibility on 'the legal way' to develop anything in the 21st century. A nation comprised of just a few megacorporations that hover over an infinite sea of frivolous patents, casting them forth like pokemon at the slightest sight of national or international competition that cannot be bought, licensed, bribed, or outlawed by their pre-pay capitalist representatives in government.

information assets amount to the brainfarts of talented engineers and scientists who are in many cases ostracized entirely from the most meaningful components of their work such as the revenue stream and general application.
yeah, it's an ideological battle that americans immediately jump around and compare to the cold war, but it's the ideology of
ideas come from people, and they must be nurtured and encouraged for the good of all humankind
versus
ideas come from people, and they must be incarcerated, exploited, litigated and profiteered until a group of old white men get another yacht.

Recently they blocked ports from shipping in goods on the US West Coast. Most of those imports probably originated in China. So their actions were a blow against China, a repressive Communist regime.

This is weird. The Republicans are supporting a Communist regime in China while left wingers are taking part in protests protecting the US from Chinese imports. We're through the looking glass people....

500 1 million dollar R&D projects to put it into terms you can grasp. The article states that is what they got this year but the R&D is from many years so it's not that much. If the technology was from the last 10 years the amount stolen would represent 0.05% of the GDP for that period. That high rate can not be sustained and will drop off as the technology is better protected and the knowledge gap lessens.

We've seen this same shit since the 90's. Main function of it is to gain further laws in the US that makes it easier to abuse US nationals. Apart from the technical ignorance (if you were a hacker, would you think of doing the connection yourself or using Chinese proxy!), US and Israel are the only countries in the world that want to use internet for sabotage. There have been numerous news about how hardly cybersabotage would hit US infrastructure, but it doesn't. It's a play to get acceptance towards U.S. doi

Am usually right there with y'all in demanding a complete redo on IP law, but not here.

Take anything we do well in America. Trace it down to materials science or some other obscure technological detail.

Now, *GIVE* that info to another country. Whoosh, there go a billion dollars of competitive advantage, or whatever the equivalent engineering/prototyping cost is.

In the cases of media, biology and pharm, it's a cost that some corp won't recoup. Bad juju. But in the case of weapons, armor and nuclear reactor designs, it's a cost that keeps China from marching on another nation. It doesn't take a huge amount of paranoia to suspect that Taiwan, South Korea, the Philippines, Indonesia, India and Japan remain sovereign partly because China isn't capable of our level of weaponry, submarine reactor longevity, space-based intelligence, etc.

There's no easy answer, and I'm not buying the cyberwarfare jingoism rants, but taking cybersecurity more seriously is important.

And the Han social construct has spent the last few thousand years killing off all other social constructs in China. China is a racist mono cultural xenophobic nation that would give Nazi Germany a run for its money.

Citation needed. "Race" is obviously a simplification, but to deny there's no genetic difference between someone from China, someone from Africa, an aborigine from Australia, and someone from Germany is not only wrong but ridiculous. Furthermore, people from those different groups of people absolutely have recognizable genetic trends: i.e., two people from Germany will be much more similar genetically than a person from Germany and a person from China. Now of course, this is all relative; I've read once

"Race" is just a convenient term to try to place people into one of these various groups, although obviously it doesn't work for everyone (like someone who has parents from very different places), but then again the scientific concept of "species" isn't really black-and-white either and there's a lot of controversy about that too.

In other words, race is more or less a social construct, as opposed to one with a great deal of accuracy or usefulness in science. The genetic variation within African blacks is greater than the genetic variation of all other people combined, which means that people of the "black race" are actually in many cases far less closely related to one another than, say, European whites and south Asians. To say that differently, people of different races are often more similar genetically than people of the same rac

If my anthropology textbook is correct, "Chinese" is a specific subgroup of the "mongoloid" or "yellow" race, actually. I'll need to verify at the library, though; I'm a bit poor so I haven't been able to update my textbook since the 1883 edition.

You sure that isn't the 1983 edition? When I was in grade school, I clearly remember in 5th/6th grade (about 1984) being taught that there were three main races of people: "Caucasoid", "Negroid", and "Mongoloid".

I'm sure US businesses would be just as happy to substitute melamine to make an extra buck too. They've been substituting trans fats in our foods for ages, after all, even though those are proven to cause all kinds of health problems, but hydrolyzed vegetable oil is much cheaper than butter so corporations can improve their profits by using it.

The only way you're not going to have companies feeding you poison to make a buck is if there's a strong government that prohibits the practice and holds offenders accountable when caught. Pretty soon, when the Republicans take over the government, they'll eliminate the FDA (they're talking a lot about it already), so we'll get to enjoy melamine in our food too before long. (Of course, if the Democrats could help in the process and spin it somehow to blame the Republicans, the Dems will happily go right along with them.)